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Abstract 

Finding strongly connected components (SCCs) in the state-space of discrete-state models is a 
critical task in formal verification of LTL and fair CTL properties, but the potentially huge number of 
reachable states and SCCs constitutes a formidable challenge. This paper is concerned with comput- 
ing the sets of states in SCCs or terminal SCCs of asynchronous systems. Because of its advantages 
in many applications, we employ saturation on two previously proposed approaches: the Xie-Beerel 
algorithm and transitive closure. First, saturation speeds up state-space exploration when computing 
each SCC in the Xie-Beerel algorithm. Then, our main contribution is a novel algorithm to compute 
the transitive closure using saturation. Experimental results indicate that our improved algorithms 
achieve a clear speedup over previous algorithms in some cases. With the help of the new transitive 
closure computation algorithm, up to 10 150 SCCs can be explored within a few seconds. 

1 Introduction 

Finding strongly connected components (SCCs) is a basic problem in graph theory. For discrete-state 
models, some interesting properties, such as FTF [8] and fair CTF, arc related with the existence of 
SCCs in the state transition graph, and this is also the central problem in the language emptiness check 
for co-automata. For large discrete-state models (e.g., 10 2 ° states), it is impractical to find SCCs using 
traditional depth-first search, motivating the study of symbolic computation of SCCs. In this paper, the 
objective is to build the set of states in non-trivial SCCs. 

The structure of SCCs in a graph can be captured by its SCC quotient graph , obtained by collapsing 
each SCC into a single node. This resulting graph is acyclic, and thus defines a partial order on the 
SCCs. Terminal SCCs arc leaf nodes in the SCC quotient graph. In the context of large scale Markov 
chain analysis, an interesting problem is to partition the state space into recurrent states, which belong 
to terminal SCCs, and transient states, which arc not recurrent. 

The main difficulties in SCC computation arc: having to explore huge state spaces and, potentially, 
having to deal with a large number of (terminal) SCCs. The first problem is the primary obstacle to 
formal verification due to the obvious limitation of computational resources. Traditional BDD-based 
approaches employ image and preimage computations on state-space exploration and, while quite suc- 
cessful in fully synchronous systems, they do not work as well for asynchronous systems. The second 
problem constitutes a bottleneck for one class of previous work, which enumerates SCCs one by one. 
Section 2.3 discusses this problem in more detail. 

This paper addresses the computation of states in SCCs and terminal SCCs. We propose two ap- 
proaches based on two previous ideas: the Xie-Beerel algorithm and transitive closure. Saturation, which 
schedules the firing of events according to their locality, is employed to overcome the complexity of state- 
space exploration. Pointing to the second difficulty, our efforts arc devoted to an algorithm based on the 
transitive closure, which does not suffer from a huge numbers of SCCs but, as previously proposed, often 
requires large amounts of runtime and memory. We then propose to use a saturation-based algorithm to 
compute the transitive closure, enabling it to be a practical method of SCC computation for complex 
systems. We also present an algorithm for computing recurrent states based on the transitive closure. 
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The remainder of this paper is organized as follows. Section 2 introduces the relevant background 
on data structure we use and the saturation algorithm. Section 3 introduces an improved Xie-Beerel 
algorithm using saturation. Section 4 introduces our transitive closure computation algorithm using sat- 
uration and the corresponding algorithms for SCC and terminal SCC computations. Section 6 compares 
the performance of our algorithms and that of Lockstep. 

2 Preliminaries 

Consider a discrete-state model (d9 , , S’ , 9^) where the potential state space 5? is given by the 

product ,Z^ x — x of the local state spaces of L submodels, thus each (global) state i is a tuple 

(i-L, 1 ) where L G -Z/ 0 for L > k > 1; the set of initial states is -Z /,,,7 C .Z; the set of (asynchronous) 
events is S\ the next-state function jV : k9 — > 2' 9 is described in disjunctively partitioned form as jV = 
U where Zj*(i) is the set of states that can be reached in one step when a fires in state i. We say 
that a is enabled in state i if ^V a (i) / 0. Correspondingly, 99 ~ l and 99 ~ 1 denote the inverse next-state 
functions, i.e., 99 (i) is the set of states that can reach i in one step by tiring event a. 

State-space generation refers to computing the set of reachable states from 99f na , denoted with -9 ',^ ■ 
Section 2.2 introduces our state-space generation algorithm called saturation , which is executed prior to 
the SCC computation as a preprocessing step. Consequently, -9 rc h, the sets .Z), and their sizes arc 
assumed known in the following discussion, and we let 99 ^ = {0, — 1}, without loss of generality. 

2.1 Symbolic encoding of discrete-state systems 

We employ multi-way decision diagrams (MDDs) [7] to encode discrete-state systems. MDDs extend 
binary decision diagrams (BDDs) by allowing integer-valued variables, thus arc suitable for discrete- 
state models with bounded but non-boolean valued state variables, such as Petri nets [10]. There arc two 
possible terminal nodes, 0 and 1, for all MDDs. Each MDD has a single root node. 

We encode a set of states with an L-level quasi-reduced MDD. Given a node a, its level is denoted 
with a.lvl where L > advl > 0. a.lvl = 0 if a is 0 or 1 and advl = L if it is a root node. If a is nonterminal 
and a.lvl = k, then a has n* outgoing edges labeled with {0, ...,% — 1}, each of which corresponds to a 
local state in .9/,. The node pointed by the edge labeled with q, is denoted with a[i J. If a[if) / 0, it must 
be a node at level k — 1. Finally, let 38(a) C ..Z/ ( x • • • x ,Z] be the set of paths from node a to 1. 

Turning to the encoding of the next-state functions, most asynchronous systems enjoy locality , which 
can be exploited to obtain a compact symbolic expression. An event a is independent of the k th submodel 
if its enabling does not depend on if, and its firing does not change the value of if,. A level k belongs to 
the support set of event a , denoted supp(a), if a is not independent of k. We define Top(a) to be the 
highest-numbered level in supp(a), and £% to be the set of events {ael: Top(a) = k}. Also, we let 
9i be the next-state function corresponding to all events in i.e., = [) ae ^ k 9)x- 

We encode the next-state function using 2L-level MDDs with level order L,L' V, where un- 
primed and primed levels correspond to “from” and “to” states, respectively, and we let Unprimed(k ) = 
Unprimed(k') = k. We use the quasi-identity-fully (QIF) reduction rule [13] for MDDs encoding next- 
state functions. For an event a with Top(a) = k, J9 a is encoded with a 2k-level MDD since it does not 
affect state variables corresponding to nodes on levels L,...,k+ 1; these levels are skipped in this MDD. 
The advantage of the QIF reduction rule is that the application of -A) only needs to start at level Top(a), 
and not at level L. We refer interested readers to [13] for more details about this encoding. 

2.2 State-space generation using saturation 

All symbolic approaches to state-space generation use some valiant of symbolic image computation. The 
simplest approach is the breadth-first iteration, directly implementing the definition of the state space 
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mdd Saturate({^4f,...,A{},mdd s ) 

mdd RelProdSat({Af, . . . ,mdd s.mdd r) 

1 if In Cache saturate (M ) then return r; 

1 if s = 1 and r = 1 then return 1; endif 

2 level k <— s.lvl', 

2 if InCache consReiProd{s, r d) then return r; endif 

3 mdd t <— NewNode{k)\ mdd r <— MU 

3 level k <— s.lvl', mdd t <— 0; 

4 foreach i e ,C k s.t. s[i\ f 0 do 

4 foreach i, i' e s.t. r[i\ [i']f 0 do 

• First saturate all its children 

5 mdd u^RelProdSat({Af,. .. ,Mj},s[f],r [/][/']); 

5 t[i] <— Saturate({Af, . . . ,Mj},s[/]); 

6 if u f 0 then 

6 endfor 

7 if t = 0 then t <— NewNode(k)\ endif 

7 repeat • Get a local fixed point on the root 

00 

T 

o 

K 

8 foreach i, i 1 e y k s.t. r[i] [;'] f 0 do 

9 endif 

9 mdd 

10 endfor 

RelProdSat({.Ai, . . . [i\,r [/][/']); 

11 t <— Saturate({ t i, . . . ,Mj}, UniqueTablePut{t))\ 

o 

T 

o 

• Return a saturated MDD 

1 1 endfor 

1 2 Cache Add Re ip m dSat (s, r , t ) ; 

1 2 until t does not change; 

13 return r; 

13 t <—UniqueTablePut(t)] 

• UniqueTable guarantees the uniqueness of each node 

1 4 Cache Add saturate ( s,t ) ; 

• Cache reduces complexity through dynamic programming 

15 return r; 



Figure 1: Saturation algorithms. 


S^ rc h as the fixed point of U U U mF 3 ^-,,*) U • • • . Given a set of states SC , 

their forward and backward reachable sets are forward ( SC ) = SC U jV ( SC ) U JV 1 ( SC ) U ,/F 3 ( SC ) U • • • 
and backward(SC) = S£ U U ( t /C _1 ) 2 (^T) U (o / ! /-1 ) 3 ( t i2T) U • • • . 

Locality and disjunctive partition of the next-state function form the basis of the saturation algorithm. 
The key idea is to apply the event firings in an order consistent with their Top. An event in S k will not 
be fired until the events in S% where li < k do not further grow the explored state space. We say that a 
node a at level k is saturated if it is a fixed point with respect to firing any event that is independent of 
all levels above k: \/h,k > li > 1 ,Va € i 6 SCp x . . . x ,5C k+ \ , {i} x S$(a) D M«({i} x Sd(a)) 

Figure 1 shows the pseudocode of the saturation algorithm. In function Saturate , the nodes in MDD 
s are saturated in order, from the bottom level to the top level. Different from the traditional relational 
product operation, RelProdSat always returns a saturated MDD. Saturation can also be applied to com- 
puting backwardfSC ) by using inverse next-state functions { ./Y L 1 , . . . ..A'f 1 }. 

2.3 Previous work 

Symbolic SCC analysis has been widely explored. Almost all of these algorithms employ BDD-based 
manipulation of sets of states. Many efforts have been made on computing the SCC hull. The SCC hull 
contains not only states in nontrivial SCCs, but also states on the paths between them. A family of SCC 
hull algorithms [12] with the same upper bound of complexity is available. We review two categories of 
previous work on the same problem as ours: transitive closure and the Xie-Beerel algorithm. 

Hojati et al. [6] presented a symbolic algorithm for testing co-regular language containment by com- 
puting the transitive closure, namely, ,A /+ = jV U JV 1 U ...A 3 U • • • . Matsunaga et al. [9] proposed a 
recursive procedure for computing the transitive closure. While it is a fully symbolic algorithm, due to 
the unacceptable complexity of computing the transitive closure, this approach has long been considered 
infeasible for complex systems. 

Xie et al. [15] proposed an algorithm, referred as the Xie-Beerel algorithm in this paper, combining 
both explicit state enumeration and symbolic state-space exploration. This algorithm explicitly picks 
a state as a “seed”, computes the for ward and backward reachable states from the seed and finds the 
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mdd Lockstep(mdd P) 

1 if(p = 0 ) then return 0 ; 

2 mdd ans<— 0; mdd seed <—Pick(P)', mddC<— 0; 

3 md d F f ron t <— JY (seed ) fl 3? \ md d B f mllt <— jY ~ 1 (seed) (~l \ 

4 mdd F< Ff ron t , mdd B B f rant ■ 

5 Whil Q(F f ron t 0 and Bfront 7 ^ 0) 

6 F/ ro „ f <— (C/ ro »? ) n & \ F ; <— <yF (Bf ron t ) n ^ \ F ; 

7 F <— F U Ffront ; B<r~BU Bfront', 

8 endwhile 

9 if (F/ro/if = 0) then 

10 mdd corn’ <— F; 

11 while(F /ro „,nF^0) doF/ ro „ r <- I yr(F /ro „ r )n^ 2 \F; B^BUB front \ endwhile 

12 else 

13 mdd conv <—B] 

14 while(F /ro „,nF^0) do Ff mn , <— (Ff ront ) n ^ \ F; F^FUF /ra „; endwhile 

15 endif 

16 if(FnF 7^0 ) then C<— (FnF)U seed; ans<-C', endif 

1 7 mis <— U Lockstep(conv \ C) U Lockstep(P \ (conv U seed))', 

18 return ans\ 

mdd XB_TSCC(mdd .Z) 

1 mdd tins ‘ — 0; mdd P 4 — -Z; mdd seed,F,B\ 

2 while (F^ 0 ) 

3 seed<—Pick(P)', F <— forward (seed) OF; F<— backward (seed) D F; 

4 if F\F = 0 then ans<— <msUF; endif • Find a terminal SCC 

5 F<— F\F; 

6 endwhile 

7 return ans; 

Figure 2: Lockstep for SCC computation and Xie-Beerel’s algorithm for terminal SCC computation. 


SCC containing this seed as the intersection of these two sets of states. Bloem et al. [2] presented a im- 
proved algorithm called Lockstep , shown in Figure 2. Lockstep(y rc h) returns the set of states belonging 
to non-trivial SCCs. It has been proven that Lockstep requires in 0(n log/;) image and preimage com- 
putations (Theorem 2 in [2]), where n is the number of reachable states. As shown in Figure 2, given a 
“seed” state, instead of computing sets of forward and backward reachable states separately, it uses the 
set which converges earlier to bound the other. This optimization constitutes the key point in achieving 
0(n\ogn) complexity. Ravi et al. [11] compared the SCC-hull algorithms and Lockstep. According 
to our experimental results, Lockstep often works very well for systems with few SCCs. However, as 
the number of SCCs grows, the exhaustive enumeration of SCCs becomes a problem. In this paper, we 
compare our algorithms to Lockstep. 

Xie et al. [14] proposed a similar idea in computing recurrent states in large scale Markov chains. 
The pseudocode of that algorithm is shown as XB TSCC in Figure 2. From a randomly picked seed state, 
if the forward reachable states (F) is a subset of backward reachable states (B), F is a ter mi nal SCC; 
otherwise (F (2 5), no terminal SCC exists in B , and B can be eliminated from future exploration. 

The main ideas of our two approaches belong to these two categories of previous work. In the 
Xie-Beerel algorithm, BFS-based state-space exploration can be replaced with saturation. For transitive 
closure computation, we propose a new algorithm using saturation. 
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mdd XBSaturation{mdd P) 

1 if(p = 0) then return 0; 

2 mdd ans mdd seed <—Pick(P)', 

3 mdd Ff mnt <— jV {seed) HP; mdd Bf mnt <r—^C~ l (seed) C\P', 

4 mdd F <— Saturate ({vlf- ■■ jV\\ ,F front) DP; 

5 mdd B^Saturate({^y^ 1 ■■■^i / l ~ l },Bf ro , l t)r\P', 

6 mdd C<-FnB; if C ^ 0 then <ms<— C; endif • Line 6 -8 are for computing SCCs 

7 cms <— ansUXBSaturation(F\C) CXBSaturation(P\F)\ 

8 return ans', 

6’ ifC\B = 0then ans^ansUF', endif • Line 6—8’ are for computing terminal SCCs 

7’ ans <— ans U XBSaturation ( P\B)\ 

8’ return ans', 

Figure 3: Improved Xie-Beerel algorithm using saturation. 


3 Improving the Xie-Beerel algorithm using saturation 

A straight forward idea is to employ saturation on the state-space exploration in the Xie-Beerel algorithm. 
The pseudocode of our algorithms for computing SCCs and terminal SCCs is shown as XBSaturation in 
Figure 3. The merit of our algorithms comes from the higher efficiency of saturation in computing 
forward and backward reachable states (B and F ). However, our algorithms need to compute B and F 
separately, while Lockstep can use the set that converges first to bound the other, which may reduce the 
number of image computations (steps). Thus, there is a trade-off between the advantages of BFS and 
saturation. From a theoretical point of view, the complexity of our algorithm can hardly be compared 
directly with the result in [2] , which measures the complexity by the number of steps. Since saturation 
executes a series of light-weight events firing instead of global image computations, its complexity cannot 
be captured as a number of steps. Furthermore, saturation results in more compact decision diagrams 
during state-space exploration, often greatly reducing runtime and memory. Performance is also affected 
by which seed is picked in each iteration. For a fair comparison, we pick the same seed in both algorithms 
at each iteration. The experimental results in Section 6 show that, for most models, the improved Xie- 
Beerel algorithm using saturation outperforms Lockstep, sometimes by orders of magnitude. 

4 Applying saturation to computing transitive closure 

We define the backward transitive closure (TC ') of a discrete-state model as follows: 

Definition 4.1. A pair of states (i,j) G T C 1 iff there exists a non-trivial ( /.<?., positive length) path n 
from j to i, denoted by j— >i. Symmetrically, we can define TC where (i,j) £ TC iff i— »j. 

As TC and TC -1 are symmetric to each other, we focus on the computation of TC -1 . TC can then 
be obtained from T C 1 by simply swapping the unprimed and primed levels. Our algorithm is based on 
the following observation: 

(i,j) £ TC~ l iff 3k £ yC~ l (i) and j £ Saturate({df~ 1 ,■ ■ • ,M^ _1 },{k}) 

Instead of executing saturation on j for each pair of (i, j), we propose an algorithm that executes on the 
2L-level MDD encoding . In function SCCTTC(xF~ l ) of Figure 4, TC~ l is computed in line 1 
using function TransClosureSat, which runs bottom-up recursively. Si mi lar to the idea of saturation 
shown in Figure 1, this function runs node- wise on primed level and fires lower level events exhaustively 
until the local fixed point is obtained. This procedure guarantees the following Lemma. 
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Lemma: Given a 2k-level MDD n, TrcinsClosureSat(n) returns an 2k-level MDD t that for any (U) G 
38 (n), all (i,k) where k E belong to 38 (t). 

Theorem: TransClosureSat(cC~ l ) returns TC 1 . 

This theorem can be proved directly from Lemma and the definition of TC -1 . The pseudocode of 
the SCC computation using TC~ l is shown in SCCTTC in Figure 4. Then, function TCtoSCC extracts all 
states i such that (i,i) E TC 1 . 

Unlike SCC enumeration algorithms like Xie-Beerel’s or Lockstep, the T C-bascd approach does not 
necessarily suffer when the number of SCCs is large. Nevertheless, due to the complexity of building 
T C 1 , this approach is considered not feasible for complex systems. Thanks to the idea of saturation, our 
algorithm of computing T C 1 completes on some large models, such as the dining philosopher problem 
with 1000 philosophers. For some models containing large numbers of SCCs, the T C-bascd approach 
shows its advantages. While the T C-bascd approach is not as robust as Lockstep, it can be used as the 
substitute for Lockstep when Lockstep fails to exhaustively enumerate all SCCs. 

TC~ l can also be employed to find recurrent states, i.e., terminal SCCs. As the other SCCs arc not 
reachable from terminal SCCs, state j belongs to a terminal SCC iff Vi, j — >i ==> i^j. Given states i, j, 
let j i — > i denote that j — > i and ->(i — ► j). We can encode this relation with a 2L-level MDD, which can 
be obtained as TC~ l \ TC. The pseudocode of this algorithm is shown as TSCCTTC in Figure 5. The set 
of { (i, j) |j i} is encoded with a 2L-level MDD L. Then, the set of states {j|3i,j i-> i}, which do not 

belong to terminal SCCs, is computed by quantifying out the unprimed levels and can be stored in MDD 
nontscc. The remaining states in SCCs are recurrent states belonging to terminal SCCs. 

To the best of our knowledge, this is the first symbolic algorithm for terminal SCC computation 
using the transitive closure. This algorithm is more expensive in both runtime and memory than SCC 
computation because of the computation of the i— ► relation. With the help of TransClosureSat, this 
algorithm works for most of the models we study. Moreover, for models with many terminal SCCs, this 
algorithm also shows its unique benefits. 

5 Fairness 

One application of the SCC computation is to decide language emptiness for an co-automaton. The lan- 
guage of an co-automaton is nonempty if there is a nontrivial fair loop satisfying a certain fair constraint. 
Thus, it is necessary to extend the SCC computation to finding fair loops. Biichi fairness (weak fair- 
ness) [5] is a widely used fair condition specified as a set of sets of states . . , JZ',,}. A fair loop 

satisfies Biichi fairness iff, for each i = {1, . . . ,n}, some state in is included in the loop. 

Lockstep is able to handle the computation of fair loops as proposed in [2], Here we present a 
TC-based approach. Assume TC and TC X have been built, let 5C weak be the set of states i satisfying: 

n [3f m G . (rc(f m , i) A TC~ 1 (f m , i) )] 

According to the definition of weak fairness, it can be proved that SC weak contains all states in the fair 
loops. The pseudocode of computing '/ ! weak is shown in Figure 6. x T/' nk returns a 2L-level MDD 
encoding all pairs of states (i,j) where i G and j G T/'n-h- The main complexity lies in computing 
T’C(iJ) A TC -1 (i, j), which is similar to computing the i— > relation in the terminal SCC computation. 

6 Experimental results 

We implement the proposed approaches in SMART [4] and report experimental results obtained on an 
Intel Xeon 3.0Ghz workstation with 3GB RAM under SuSE Linux 9.1. All the models are described as 
the Petri nets expressed in the input language of SMART. These models include a closed queue networks 
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mdd SCC.TC{^- 1 ) 

1 mdd TC~^ ^~TransClosureSat(NC~ 1 )] 

2 mdd SCC <- TCtoSCCa e 1 ) ; 

3 return SCC] 

mdd TransClosureSat(mdd n) 

1 f liiC(U‘hci ra „ s ciosiueS(it (><■! ) then return t , 

2 level k <— n.lvl] mdd t <— NewNode(k)] mdd r < — '-^unimmeiH.k) 

3 foreach i,j e ,5^; s.t. n[/][/] 7 ^ 0 do t [;] [7] 4 — TransClosureSat(n[i] [7]); endfor 

4 foreach i e SC Unprimed{k) s.t. n[/]^0 

5 repeat • Build a local fixed point 

6 foreach 7, / e ^ Unpnmed(k) s.t. n [/] [7] 7 ^ 0 and r[j] [/] ^ 0 do 

7 mdd u^-TCRelProdSat(t[i][j],r[j][j'])] ?[/][/] <— Or (t [/][/],«); 

8 endfor 

9 until t does not change; 

10 endfor 

11 t <—UniqueTablePut(t)] Cache AddTmmCiosureSat( n d)> 

12 return t\ 

mdd TCRelProdSat{mdd n,mdd r ) 

1 if n = 1 and r = 1 then return 1; 

2 if InCacheTCRdProdSatin, r,t) then return t] 

3 level k 4— n.lvl ] mdd t 4— 0; 

4 foreach i e ^ Unpnmed(k) s.t. n[/]^0 do 

5 foreach 7,/ e ■^ Unpnmed ( k} s t. n[i] [7] 7^0 and r[j]\j']^0 do 

6 mdd m<— TCRelProdSat(n[i][j],r[j][f])', 

7 if u ± 0 then 

8 if t = 0 then 1 4— NewNode(k)\ endif 

9 t[i\[f] <- Or(t[i][f],u)] 

10 endif 

1 1 endfor 

12 endfor 

1 3 t <— TransClosureSat(UniqueTablePut(t))\ Cache AddTCReiProdSat{ n i r d)\ 

14 return t\ 

mdd TCtoSCC(mdd n) 

1 if n = 1 return 1; if InCache T ctoscc{n,t) then return t\ 

2 mdd f<— 0; /eve/ £4— n./v/; 

3 foreach i e y Un primed(k) s.t. «[/][/] 7^0 do 

4 if TCtoSCC{n [/][/]) 7^0 then 

5 if f = 0 then t New Node (k)] endif 

6 f[/] 4 — TCtoSCC(n [/][/]); 

7 endif 

8 endfor 

9 t ^UniqueTablePut(t)\ Cache AddrctoSCc{ n d)\ 

10 return t\ 


Figure 4: Building the transitive closure using saturation. 


(1 cqn ) discussed in [15], two implementations of arbiters (arbiter l, arbiter2)\ 1 1, one which guarantees 
fairness and the other which does not, the N-queen problem (queens), the dining philosopher problem 
(plii!) and the leader selection protocol (leader) [3], The size for each model is parameterized with N. 
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mdd TSCC.TC{^~ 1 ) 

1 mdd TC~ l <—TransClosureSat(^/C~ 1 )', mdd TC<—Inverse(TC~ 1 )', 

2 mdd SCC^TCtoSCC{TC~ l )\ 

3 mdd L^TC~ l \TC\ 

4 mdd nontscc-^—QuantifyUnprimed{L)\ 

5 mdd recurrent <— SCC\nontscc\ 

6 return recurrent'. 


Figure 5: Computing recurrent states using transitive closure. 


mdd FairLoopdrC^rch,^ 1 

1 mdd TC~ l <—TransClosureSat(^/C~ 1 )', mdd TC<—Inverse(TC~ 1 )', 

2 mdd S wea k ‘ y rc h i 

3 foreach m e {1,...,?;} 

4 mdd p<r-QuantifyUnprimed(J'C~\ ATC A (^ m x y rc h))\ 
b Sweak ‘ S wea fc IP p , 

6 endfor 

7 return S weak \ 


Figure 6: Computing fair loops using transitive closure. 


The number of SCCs (terminal SCCs) and states in SCCs (terminal SCCs) for each model obtained from 
(terminal) SCC enumeration is listed in column “SCC” (“TSCC”) and column “States” respectively. The 
upper bounds for runtime and size of unique table (i.e., the storage for the MDD nodes) are set to 2 hours 
and 1GB respectively. The main metrics of our comparison arc runtimes and peak memory consumption 
(for the unique table, storing the MDD nodes, plus the cache). 

The top part of Table 1 compares three algorithms for SCC computation: the T C-bascd algorithm 
(column “TC”) presented in Section 4, the improved Xie-Beerel algorithm (column “XBSat”) presented 
in Section 3, and Lockstep (column “Previous algorithm”) in Section 2.3. Coupled with saturation, 
the improved Xie-Beerel algorithm is better than Lockstep for most of the models in both runtime and 
memory. Compared with Lockstep, the T C-bascd algorithm is often more expensive. However, for two 
models, queens and arbiter 2 , the T C-bascd algorithm completes within the time limit while the other 
two algorithms fail. For arbiter 2 , our T C-bascd algorithm can explore over 10 15<) SCCs in a few seconds, 
while it is obviously not feasible for SCC enumeration algorithms to exhaustively enumerate all SCCs. 
To the best of our knowledge, this is the best result of SCC computation reported, stressing that the TC- 
based algorithm is not sensitive to the number of SCCs. With our new algorithm, the transitive closure 
can be built for some large systems, such as the dining philosopher problem with 1000 philosophers. 

The bottom paid of Table 1 compares the improved Xie-Beerel algorithm, XBSaturation , (column 
“XBSat”) and algorithm TSCC-TCSat (column “TC”), presented in Section 3 and 4, respectively, for 
terminal SCC computation, with XB_TSCC (column “Previous algorithm”) in Section 2.3. The basic 
trends are similar to the results of SCC computations, XBSaturation works consistently better than the 
original method, while TSCCTTC is less efficient for most models. In the Xie-Beerel framework, it is 
faster to compute terminal SCCs than all SCCs because a larger set of states is pruned in each recursion. 
On the contrary, TSCCCTC is more expensive than SCCTTC due to the computation of the i— ► relation, 
which has large memory and runtime requirements. Nevertheless, for models with large numbers of 
terminal SCCs, such as queens, TSCCXTC shows its advantage over the Xie-Beerel algorithm. 

We conclude that saturation is effective in speeding up the SCC and terminal SCC computations 
within the framework of the Xie-Beerel algorithm. Also, our new saturation-based TC computation can 
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Model 

SCC/TSCC 

States 

TC 

XBSat 

Previous algorithm 

name 

N 

mem(MB) 

time(sec) 

mem(MB) 

time(sec) 

mem(MB) 

time(sec) 

Results for the SCC computation 


10 

11 

2.09e+10 

34.2 

13.6 

3.4 

<0.1 

4.0 

3.9 

cqn 

15 

16 

2.20e+15 

64.4 

73.8 

5.0 

0.2 

89.1 

44.5 


20 

21 

2.32e+20 

72.7 

687.8 

25.8 

0.5 

118.7 

275.0 


100 

1 

4.96e+62 

5.0 

0.5 

3.2 

<0.1 

52.0 

4.5 

phil 

500 

1 

3.03e+316 

33.0 

4.0 

24.5 

0.1 

- 

to 


1000 

1 

9.18e+626 

40.5 

7.8 

29.1 

0.3 

- 

to 


10 

3.22e+4 

3.23e+4 

8.2 

1.6 

64.4 

14.5 

63.9 

12.4 

queens 

11 

1.53e+5 

1.53e+5 

45.8 

9.0 

94.2 

108.6 

96.3 

93.6 

12 

7.95e+5 

7.95e+5 

184.8 

60.6 

170.2 

1220.4 

281.9 

1663.9 


13 

4.37e+6 

4.37e+6 

916.5 

840.6 

- 

to 

- 

to 


3 

4 

6.78e+2 

6.0 

1.4 

20.8 

<0.1 

20.8 

<0.1 

leader 

4 

11 

9.50e+3 

70.3 

73.1 

25.4 

1.1 

23.8 

0.3 

5 

26 

1.25e+5 

116.6 

3830.4 

35.6 

40.8 

49.4 

6.4 


6 

57 

1.54e+6 

- 

to 

41.6 

1494.9 

417.2 

387.9 


10 

1 

2.05e+4 

24.1 

1.2 

21.4 

<0.1 

21.8 

0.1 

arbiter l 

15 

1 

9.83e+5 

128.3 

63.0 

45.1 

<0.1 

62.1 

6.8 


20 

1 

4.19e+7 

mo 

- 

709.7 

<0.1 

mo 

- 


10 

1024 

1.02e+4 

20.3 

<0.1 

26.2 

0.7 

31.1 

1.1 

arbiter 2 

15 

32768 

4.91e+5 

20.4 

<0.1 

31.1 

51.8 

211.3 

990.3 

20 

1.05e+6 

2.10e+7 

20.4 

<0.1 

31.2 

2393.3 

- 

to 


500 

3.27e+150 

1.64e+151 

41.0 

4.0 

- 

to 

- 

to 

Results for the terminal SCC computation 


10 

10 

2.09e+10 

37.9 

15.5 

21.4 

<0.1 

33.5 

3.4 

cqn 

15 

15 

2.18e+15 

64.8 

79.6 

23.0 

0.3 

59.4 

33.7 


20 

20 

2.31e+20 

72.7 

691.3 

26.2 

0.8 

90.0 

280.5 


100 

2 

2 

26.5 

0.5 

20.9 

<0.1 

39.2 

8.7 

phil 

500 

2 

2 

34.3 

4.1 

23.2 

<0.1 

- 

to 


1000 

2 

2 

44.4 

11.3 

26.5 

0.2 

- 

to 


10 

1.28e+04 

1.28e+4 

36.2 

3.0 

46.7 

2.8 

62.3 

35.1 

queens 

11 

6.1 le+04 

6.11e+4 

76.5 

19.3 

70.6 

24.5 

145.2 

364.2 


12 

3.14e+05 

3.14e+5 

244.1 

205.4 

98.8 

179.4 

mo 

- 


13 

1.72e+06 

1.72e+6 

mo 

- 

269.0 

1940.81 

mo 

- 


3 

3 

3 

26.6 

1.5 

20.7 

<0.1 

21.4 

0.1 

leader 

4 

4 

4 

70.6 

75.1 

24.4 

0.9 

38.0 

4.5 

5 

5 

5 

119.3 

3845.3 

30.6 

26.9 

41.1 

87.6 


6 

6 

6 

- 

to 

39.0 

492.9 

44.8 

1341.5 


10 

1 

2.05e+4 

24.1 

1.2 

20.4 

<0.1 

22.4 

0.4 

arbiter l 

15 

1 

9.83e+5 

128.3 

63.1 

20.4 

<0.1 

65.3 

23.3 


20 

1 

4.19e+7 

mo 

- 

20.5 

<0.1 

- 

to 


10 

1 

1 

20.4 

<0.1 

20.9 

<0.1 

39.6 

6.4 

arbiter 2 

15 

1 

1 

20.5 

<0.1 

40.6 

4.6 

- 

to 


20 

1 

1 

20.5 

<0.1 

450.0 

2897.8 

- 

to 


Table 1: Results for SCC and terminal SCC computations. 


tackle some complex models with up to 10 15<) states. Finally, for models with huge numbers of SCCs, 
the TC-based SCC computation has advantages over Lockstep, which detects SCCs one-by-one. 


While our TC-based approach is not a replacement for Lockstep, we argue that it is an alternative 
worth further research. For a model with an unknown number of existing SCCs, employing both of 
these approaches at the same time could be ideal. Given current trends in multi-core processors, it is 
reasonable to run the two algorithms concurrently, possibly sharing some of the common data structures, 
such as the MDDs encoding the state space and next-state functions. 
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7 Conclusion 

In this paper, we focus on improving two previous approaches to SCC computation, the Xie-Beerel 
algorithm and TC, using saturation. We first employ the saturation on the framework of the Xie-Beerel 
algorithm. In the context of the asynchronous models we study, the improved Xie-Beerel algorithm using 
saturation achieves a clear speedup. We also propose a new algorithm to compute TC using saturation. 
The experimental results demonstrate that our T C-based algorithm is capable of handling models with 
up to 10 150 of SCCs. As we argue, the T C-bascd approach is worth further research because of its 
advantages when used on models with large numbers of SCCs. 
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